RE: Snort sensor setup

["Michael Steele" <michaels () winsnort com>]

You'll probably get a lot fancier answer but all you need is Snort at each
remote location with the output database line directed back to you master
sensor.

You need a clear shot between the client and server. You can run the clients
on a UNIX or Windows box. You should have an encrypted tunnel between the
client and server. The client boxes could be anything, or almost. It's
fairly simple to setup the remote sensors. It's securing the connection that
is the challenge.

Good luck.

There is a guide on our site for setting up remote sensors.

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



> -----Original Message-----
> From: snort-users-admin () lists sourceforge net [mailto:snort-users-
> admin () lists sourceforge net] On Behalf Of Lance Boon
> Sent: Monday, March 22, 2004 1:38 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Snort sensor setup
>
> I'm looking for recommendations for setting up snort
> in a multi site environment. I've got 5 branch offices
> that are connected via ipsec over cable modem to the
> main office which is also on cable modem. I've got
> snort up and running in the main office thanks to
> Patrick Harpers guide. If I just had snort sensors
> setup in the branch offices and set those up to log
> back to the main office using MySql how much bandwidth
> would I be consuming? The maximum upload that I have
> is 768k. I could have all the offices setup with their
> own dedicated MySql, Acid, Apache etc.. setup but I'm
> looking to consolidate and have the sensors log back
> to 1 MySql server versus 6 individual servers. Also if
> it works to have them all log back to the main office
> would the best setup be to have individual snort
> databases etc and have apache etc setup accordingly.
> Any suggestions or recommendations would be greatly
> appreciated.
>
> Lance
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Finance Tax Center - File online. File on time.
> http://taxes.yahoo.com/filing.html
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users